Google Android System Component Multiple Security Vulnerabilities

Description Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to gain sensitive information, elevate privileges or execute arbitrary code in the context of a privileged process. Failed attacks may cause a denial-of-service condition. These issues...

Linux kernel CVE-2019-18198 Local Memory Corruption Vulnerability

Description Linux kernel is prone to a local memory-corruption vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been...

Microsoft Windows Kernel CVE-2018-0973 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows Kernel CVE-2018-0742 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...

Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities

Description Oracle Java Runtime Environment is prone to multiple remote code execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application. Versions prior to Oracle JRE 1.7.0 Update 11 are vulnerable. Technologies Affected CentOS CentO...

Microsoft SharePoint CVE-2011-1893 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability

Description NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. NCTAudioEditor is a collection of ActiveX controls for...

[Full-disclosure] CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability CA Vulnerability ID: 33485 Discovery Date: 2005-10-06 CA Advisory Date: 2005-10-14 Discovered By: EMendoza Impact: Remote attacker can execute arbitrary code...

Microsoft Windows License Logging Service Buffer Overflow Vulnerability

Description A buffer overflow exists in the Microsoft Windows License Logging Service. This could allow remote execution of arbitrary code. Technologies Affected Microsoft Small Business Server 2000 Microsoft Small Business Server 2003 Microsoft Windows 2000 Advanced Server Microsoft Windows 2000...

Microsoft Windows Kernel Unchecked LPC Buffer Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a locally exploitable privilege escalation vulnerability. This is reportedly due to an unchecked buffer that is exposed through the LPC Local Procedure Call interface in the Windows kernel. Successful exploitation would permit a local attacker to compromi...

Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability

Description Microsoft Windows Kernel Virtual DOS Machine is reported prone to a local privilege-escalation vulnerability. The Microsoft Virtual DOS Machine VDM is a protected environment that emulates MS-DOS on Windows NT-based operating systems. This issue is caused by an access-validation error...

Microsoft Window Management API Local Privilege Escalation Vulnerability

Description Microsoft has reported that several unspecified Window Management API functions can allow a local attacker to change the attributes of an application with higher-level privileges to gain elevated privileges on a vulnerable computer. This issue represents a fundamental design flaw;...

Microsoft Windows Kernel Local Denial of Service Vulnerability

Description The Microsoft Windows kernel is prone to a denial-of-service vulnerability that can allow a local attacker to cause a vulnerable computer to stop responding and to restart. This issue does not pose a privilege-escalation threat. Technologies Affected Avaya DefinityOne Media Servers...

Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability

Description Microsoft Graphics Device Interface GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data employed as a bounds val...

Microsoft Windows Management Local Privilege Escalation Vulnerability

Description Microsoft Windows Management is prone to a local privilege-escalation vulnerability that may allow a local attacker to execute arbitrary attacker-supplied code with SYSTEM privileges. Technologies Affected Avaya DefinityOne Media Servers Avaya IP600 Media Servers Avaya S3400 Message...

Microsoft Jet Database Engine Remote Code Execution Vulnerability

Description It has been reported that Microsoft Jet Database Engine Jet is prone to a remote code execution vulnerability that that may allow remote attackers to execute arbitrary code in order to gain unauthorized access to a vulnerable system. This issue presents itself when a specially crafted...

Microsoft Windows SSL Library Denial of Service Vulnerability

Description Microsoft Windows SSL library is reported to be prone to a denial of service vulnerability. It has been reported that an attacker could trigger this issue by sending a specially crafted TCP message that causes the protocol to fail resulting in a denial of service. Successful...

RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability

Description rsync has been reported prone to an undisclosed heap overflow vulnerability when running in daemon mode. The issue has been reported to be remotely exploitable and will provide for an execution of arbitrary code. Technologies Affected Apple Mac OS X 10.2.8 Apple Mac OS X 10.3.2 Apple...

Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability

Description It has been reported that a variant attack in the RPCSS service of Microsoft Windows exists. Because of this, it may be possible for an attacker to mount denial of service attacks and execute arbitrary code on the affected system. The source of the issue is reportedly a multi-thread...

Cisco IOS Malicious IPV4 Packet Sequence Denial Of Service Vulnerability

Description A denial of service vulnerability has been reported to exist in all hardware platforms that run Cisco IOS versions 11.x through 12.x. This issue may be triggered by a sequence of specifically crafted IPV4 packets. A power cycling of an affected device is required to regain normal...